omniauth-aitu-passport 0.1.24 → 0.1.26
- checksums.yaml +4 -4
- data/CHANGELOG.md +6 -0
- data/Gemfile.lock +1 -1
- data/lib/omniauth/aitu_passport/version.rb +1 -1
- data/lib/omniauth/strategies/aitu_passport.rb +29 -3
- metadata +2 -2
    
        checksums.yaml
    CHANGED
    
    | @@ -1,7 +1,7 @@ | |
| 1 1 | 
             
            ---
         | 
| 2 2 | 
             
            SHA256:
         | 
| 3 | 
            -
              metadata.gz:  | 
| 4 | 
            -
              data.tar.gz:  | 
| 3 | 
            +
              metadata.gz: ed9f43131e0356fa3011a05bb6c8928943718ffe2716426a04051f9ea2805cd9
         | 
| 4 | 
            +
              data.tar.gz: 8dadf7133bc547aa229fe6e736825b79659f16bcbbdb892aa02ffd39b137f3d1
         | 
| 5 5 | 
             
            SHA512:
         | 
| 6 | 
            -
              metadata.gz:  | 
| 7 | 
            -
              data.tar.gz:  | 
| 6 | 
            +
              metadata.gz: 483dfd398af835545691c9efe60ffa11f45e6f6040fe047fd774f6a419707aeef7fb2c91a0506a70d837882fefad623e5efa262bf32239e378ab848f78bc4b65
         | 
| 7 | 
            +
              data.tar.gz: b62d08dadc3a9537e51310f725b607ddd1fd7b30a80580bed692c90b27aa8b480255f7b1096a53861bf3154785594f05c6b585c681c1a73688dac65c94b27ef8
         | 
    
        data/CHANGELOG.md
    CHANGED
    
    
    
        data/Gemfile.lock
    CHANGED
    
    
| @@ -3,6 +3,7 @@ | |
| 3 3 | 
             
            require 'omniauth'
         | 
| 4 4 | 
             
            require 'oauth2'
         | 
| 5 5 | 
             
            require 'omniauth-oauth2'
         | 
| 6 | 
            +
            require 'jwt'
         | 
| 6 7 |  | 
| 7 8 | 
             
            module OmniAuth
         | 
| 8 9 | 
             
              module Strategies
         | 
| @@ -19,6 +20,7 @@ module OmniAuth | |
| 19 20 | 
             
                  }
         | 
| 20 21 |  | 
| 21 22 | 
             
                  option :pkce, true
         | 
| 23 | 
            +
                  option :jwt_leeway, 60
         | 
| 22 24 |  | 
| 23 25 | 
             
                  AVAILABLE_SCOPE_OPTIONS = %w[
         | 
| 24 26 | 
             
                    openid
         | 
| @@ -46,6 +48,8 @@ module OmniAuth | |
| 46 48 |  | 
| 47 49 | 
             
                  DEFAULT_SCOPE = 'openid phone'
         | 
| 48 50 |  | 
| 51 | 
            +
                  ALLOWED_ISS = %w[https://passport.stage.supreme-team.tech https://passport.aitu.io].freeze
         | 
| 52 | 
            +
             | 
| 49 53 | 
             
                  uid { raw_info['openid'] }
         | 
| 50 54 |  | 
| 51 55 | 
             
                  info do
         | 
| @@ -59,9 +63,31 @@ module OmniAuth | |
| 59 63 | 
             
                  end
         | 
| 60 64 |  | 
| 61 65 | 
             
                  extra do
         | 
| 62 | 
            -
                    {
         | 
| 63 | 
            -
             | 
| 64 | 
            -
                     | 
| 66 | 
            +
                    hash = {}
         | 
| 67 | 
            +
                    hash[:id_token] = access_token['id_token']
         | 
| 68 | 
            +
                    if !options[:skip_jwt] && !access_token['id_token'].nil?
         | 
| 69 | 
            +
                      decoded = ::JWT.decode(access_token['id_token'], nil, false).first
         | 
| 70 | 
            +
             | 
| 71 | 
            +
                      # We have to manually verify the claims because the third parameter to
         | 
| 72 | 
            +
                      # JWT.decode is false since no verification key is provided.
         | 
| 73 | 
            +
                      ::JWT::Verify.verify_claims(decoded,
         | 
| 74 | 
            +
                                                  verify_iss: true,
         | 
| 75 | 
            +
                                                  iss: ALLOWED_ISS,
         | 
| 76 | 
            +
                                                  verify_aud: true,
         | 
| 77 | 
            +
                                                  aud: options.client_id,
         | 
| 78 | 
            +
                                                  verify_sub: false,
         | 
| 79 | 
            +
                                                  verify_expiration: true,
         | 
| 80 | 
            +
                                                  verify_not_before: true,
         | 
| 81 | 
            +
                                                  verify_iat: false,
         | 
| 82 | 
            +
                                                  verify_jti: false,
         | 
| 83 | 
            +
                                                  leeway: options[:jwt_leeway])
         | 
| 84 | 
            +
             | 
| 85 | 
            +
                      hash[:id_info] = decoded
         | 
| 86 | 
            +
                    end
         | 
| 87 | 
            +
                    hash[:raw_info] = raw_info unless skip_info?
         | 
| 88 | 
            +
             | 
| 89 | 
            +
                    # returning resulting hash
         | 
| 90 | 
            +
                    hash
         | 
| 65 91 | 
             
                  end
         | 
| 66 92 |  | 
| 67 93 | 
             
                  # Omniauth::Strategy
         | 
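Review bot: `ALLOWED_ISS` lists the staging issuer `https://passport.stage.supreme-team.tech` next to the production one, so the `iss:` check in the `extra` block accepts staging-issued id_tokens in every deployment. A configurable list, e.g. `option :allowed_iss, %w[https://passport.aitu.io]` passed as `iss: options[:allowed_iss]`, would let a production app pin a single issuer. Because `::JWT.decode(access_token['id_token'], nil, false)` skips signature verification, the claims in `extra[:id_info]` are only as trustworthy as the TLS connection to the token endpoint; the comment above `verify_claims` should say so, so that downstream code does not treat `id_info` as a signed assertion. `options[:skip_jwt]` is read without an `option :skip_jwt` declaration in the visible hunks (it may exist outside them). A failed claim check raises from inside `extra`, presumably surfacing as an unhandled error rather than an OmniAuth failure, which is worth confirming.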
    
        metadata
    CHANGED
    
    | @@ -1,14 +1,14 @@ | |
| 1 1 | 
             
            --- !ruby/object:Gem::Specification
         | 
| 2 2 | 
             
            name: omniauth-aitu-passport
         | 
| 3 3 | 
             
            version: !ruby/object:Gem::Version
         | 
| 4 | 
            -
              version: 0.1. | 
| 4 | 
            +
              version: 0.1.26
         | 
| 5 5 | 
             
            platform: ruby
         | 
| 6 6 | 
             
            authors:
         | 
| 7 7 | 
             
            - Yaroslav Shevchenko
         | 
| 8 8 | 
             
            autorequire:
         | 
| 9 9 | 
             
            bindir: bin
         | 
| 10 10 | 
             
            cert_chain: []
         | 
| 11 | 
            -
            date: 2022- | 
| 11 | 
            +
            date: 2022-04-26 00:00:00.000000000 Z
         | 
| 12 12 | 
             
            dependencies:
         | 
| 13 13 | 
             
            - !ruby/object:Gem::Dependency
         | 
| 14 14 | 
             
              name: oauth2
         |